• Curling – HackTheBox writeup
    Curling is a retired vulnerable Linux machine available from HackTheBox. The machine maker is L4mpje, thank you. It has an Easy difficulty with a rating of 4.4 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is to obtain root shell together with both user & […]
  • How to use Windows 10 RemoteFX with GPU acceleration and sound in Hyper-v
    I was looking for a way to pass through GPU acceleration to virtual machines for some processing tasks. However, most methods (such as DDA or VMware ESXi) require specific server hardware, server hypervisor OS, support CPU & motherboard firmware. Sadly, I don’t have matching specification to use those methods. Then I came across RemoteFX. While […]
  • Remote – HackTheBox writeup
    Remote is a retired vulnerable Windows machine available from HackTheBox. The machine maker is mrb3n, thank you. It has an Easy difficulty with a rating of 4.7 out of 10. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. No automated tools are needed. The goal is to obtain root shell […]
  • How to turn off all RGB lights on my 3700X PC build
    My build: Ryzen 7 3700X Build with Asus TUF Gaming X570-Plus. While the RGB lights in my PC build add beautiful lighting effects to the computer, there are times and situations when you don’t want those flashy RGB lights. In my case, my PC build is used as a work machine, not a gaming machine. […]
  • Ryzen 7 3700X $2K Build with Asus TUF Gaming X570-Plus
    My last PC build was an Intel i7-4770K with Asus Z87-Plus. It served me well for many years, but has recently been giving me different issues. It’s about time to build another one before it runs out on me. The AMD 3rd GEN seems very promising so this time I would like to try out […]
  • Jarvis – HackTheBox writeup
    Jarvis is a retired vulnerable machine available from HackTheBox. The machine maker is manulqwerty & Ghostpp7, thank you. It has a Medium difficulty with a rating of 4.9 out of 10. I think it’s somewhat between easy & medium. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is […]
  • Continuous Deployment using AWS CodeBuild with CDK for Next.js
    Typically in an AWS environment, we use CodePipeline as the orchestrator to build, test and deploy our application/service. But in some scenarios, such as deploying static websites, we may just need to achieve simple continuous deployment. In these cases, we don’t need the full-blown deployment pipeline for staging and approval process. We can simply use […]
  • Mirai – HackTheBox writeup
    Mirai is a retired vulnerable machine available from HackTheBox. The machine maker is Arrexel, thank you. It is a pretty easy machine with a difficulty rating of 3.7 out of 10. No automated tools are required to solve the machine. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal […]
  • Deploying Static React Next.js to AWS S3
    Next.js is the React Framework that helps deploy a static website or dynamic website with server side rendering. This post will illustrate how to host a simple React application on AWS S3 using Next.js framework. Node.js is required. Setup Next.js project npm init next-app This command will ask a couple of simple questions including project name & […]
  • Setup on-premise NFS file share using AWS File Gateway
    AWS File Gateway, running as a VM server locally, can act as an NFS or SMB file share to actually store your files at AWS S3. Your on-premise machines can then connect and mount the file share to access data stored at S3 as if they are available locally. This can be a great first […]
  • Migrating React SPA from .NET Core to Next.js
    The post looks at some options moving forward for developing applications using React/Angular/Vue with ASP.NET Core. Each option has its own advantages and shortcomings depending on the application requirements. SpaServices & NodeServices going away SpaServices and NodeServices become deprecated, starting at .NET Core 3.1. And they will be removed when .NET 5 arrives. .NET […]
  • Writeup – HackTheBox writeup
    Exploitation Summary Initial Exploitation Vulnerability: SQL Injection vulnerability of CMS Made Easy Explanation: CMS Made Easy version 2.2.9.1 has a SQL Injection vulnerability that results in exposure to login id and password hash Privilege Escalation Vulnerability: Hijack Command Execution by Path Interception Explanation: A writable bin folder exists in the execution search PATH and is […]
  • Ways to transfer files to VMware ESXi server
    There are different ways to transfer installation files or VMs over to ESXi server. You can do it over the network or you can do it using USB. Although ESXi server does not directly support file transfer through USB, there are steps we can do to achieve that. We will be going over the a […]
  • Deploy AWS S3 Website using CDK in Python
    CDK stands for Cloud Development Kit. It defines cloud infrastructure in code and provisions resources through AWS CloudFormation. This post will demonstrate how to set up and execute a simple CDK application to create an AWS S3 Static Website. Prerequisites Node.js >= 10.3.0 Python 3 configured AWS CLI with read/write access to S3 service Install AWS […]
  • Irked – HackTheBox writeup
    Exploitation Summary Initial Exploitation Vulnerability: Backdoor Command Execution of UnrealIRCD Explanation: A malicious backdoor was added to UnrealIRCD version 3.2.8.1 Privilege Escalation Vulnerability: suid executable viewuser Explanation: It can execute as root and is looking for another command to execute, which we can exploit Enumeration nmap -p- -A -T4 10.10.10.117 TCP 22: OpenSSH 6.7p1 […]
  • Deploying Static React GatsbyJs to AWS S3
    Gatsby is a free and open source framework based on React that helps developers build blazing fast websites and apps. It achieves high performance by generating static files for your React application. This post will illustrate how to host a simple React application on AWS S3 using Gatsby framework. Node.js is required. Setup Gatsby First install the gatsby […]
  • How to transfer domain to AWS Route 53
    AWS Route 53 is a highly available DNS service offered by Amazon. It also serves as domain registrar where you can register and manage your domain registration. It’s competitive and reliable. The post illustrates how to transfer a domain registration to Route 53 if you want to use it to manage your domains. Step 1: […]
  • SwagShop – HackTheBox writeup
    Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via Magento Explanation: Magento has a couple of remote code execution vulnerabilities allowing admin account creation and then code execution through admin account Privilege Escalation Vulnerability: sudo vi capability Explanation: shell can be obtained through vi Enumeration nmap -p- -A -T4 10.10.10.140 TCP 22: OpenSSH 7.2p2 Ubuntu TCP 80: […]
  • How to merge PDF files quick and easy?
    We discussed how to view PDF files more safely a while back. Most of the time we only need to read PDF files. But once in a while, we want to combine pages from different PDF files into a single PDF file. There are quite a bunch of websites that offer merging PDF files online. […]
  • 5 tips to open PDF files more safely
    Fact: Simply opening an infected PDF file can get your device compromised. Need: to open PDF files more safely. PDF probably is the most commonly used format to facilitate exchange of electronic copy of documents. We share content using PDFs all over the web, through emails. And we receive our statements, bills, invoices from our providers. […]